<?php
/**
 * Authenticate a user by checking that the session holds a user id.
 * Only the presence of SESSION.user_id is tested here.
 */

// Gate for protected routes: execution continues past this block only when the
// session carries a user id. This is a presence check; the id is not compared
// with anything in the request.
if (!F3::exists('SESSION.user_id')) {
  // No user id in the session: reply with status 403 and a JSON error body.
  // NOTE(review): 401 is the usual status for a missing login; 403 is kept
  // unchanged because existing clients may depend on it.
  header('HTTP/1.1 403');
  header('Content-Type: application/json');
  $err = array(
    'error_message' => 'Not authenticated.',
  );
  echo json_encode($err);

  // Record the failure and leave this file. `return` does not end the request,
  // so the including code presumably has to test auth_error before doing any
  // protected work -- confirm at every include site.
  F3::set('auth_error', 1);
  return;
}

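// DISABLED (commented out below): if the URL contains a user id, check that it
// corresponds to the user id in the session. While this stays disabled, nothing
// in this file ties a user_id route parameter to the logged-in user, so that
// comparison has to be made wherever such a parameter is used.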
/*if (F3::exists('PARAMS["user_id"]'))
{
  // check that the user ids correspond
  if (F3::get('SESSION.user_id') != F3::get('PARAMS["user_id"]'))
  {
    // user id in session and in URL do not match
    header('HTTP/1.1 403');
    header("Content-Type: application/json");
    $err = array("error_message" => "Not authenticated.");
    echo json_encode($err);
    F3::set('auth_error', 1);
    return;
  }
}
*/
?>
